TaintedSql
User-controlled input (a request parameter, header, cookie, or other untrusted source) flows into a SQL query string without going through a parameterized statement. Because the value becomes part of the SQL text, an attacker can change the structure of the query rather than just the value being compared, which is a SQL injection risk.
Example
```php
<?php
// Tainted: $_GET['id'] is attacker-controlled and is interpolated straight
// into the query text. A request such as ?id=1+OR+1%3D1 turns the WHERE
// clause into "id = 1 OR 1=1" and returns every user. $db is assumed to be
// a PDO instance.
$id = $_GET['id'];
$db->query("SELECT * FROM users WHERE id = $id"); // injection risk
```

How to fix

Use prepared statements with bound parameters. The SQL text is fixed when the statement is prepared and the untrusted value is sent separately, so it can only ever be interpreted as data. Note that placeholders can stand in only for values: table and column names, ORDER BY columns, and sort direction cannot be bound and must instead be checked against a fixed allow-list before being placed in the query.

```php
<?php
// Fixed: the query shape is fixed at prepare() time and the value is bound
// separately, so whatever $_GET['id'] contains is compared as a value, never
// executed as SQL. $db is assumed to be a PDO instance.
$stmt = $db->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$_GET['id']]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
```
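The following is an added, self-contained example (not part of the rule page) that runs the tainted query and the parameterized fix side by side against an in-memory SQLite database, so the effect of the payload can be observed rather than described. It assumes the pdo_sqlite extension is available; the table, rows and the attacker payload are constructed for the demonstration and stand in for `$_GET['id']`.

```php
<?php
// Added example, not from the rule page. Requires PHP with pdo_sqlite.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    // Constructed sample rows.
    $db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $db;
}

// Tainted sink: the untrusted value is concatenated into the SQL text, so
// the caller of this function controls the structure of the query.
function lookupTainted(PDO $db, string $id): array
{
    $result = $db->query("SELECT * FROM users WHERE id = $id");
    return $result->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the SQL text is fixed at prepare() time; the value is bound
// separately and is only ever compared against the id column as data.
function lookupSafe(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();

// Constructed attacker input standing in for $_GET['id']. A single lookup
// is expected to return at most one row.
$payload = '1 OR 1=1';

// Through the tainted sink the WHERE clause becomes "id = 1 OR 1=1", which
// is true for every row, so the whole table is returned.
$leaked = lookupTainted($db, $payload);
printf("tainted query returned %d row(s) for payload %s\n", count($leaked), $payload);

// Through the parameterized query the same text is bound as a value. SQLite
// cannot convert '1 OR 1=1' to an integer, so it matches no id.
$bound = lookupSafe($db, $payload);
printf("parameterized query returned %d row(s) for the same payload\n", count($bound));

// Legitimate input still works through the parameterized path.
$ok = lookupSafe($db, '2');
printf("parameterized lookup of id 2 returned %s\n", $ok[0]['name'] ?? '(no row)');
```

Run it with `php example.php`. The tainted path reports the full table for the payload while the parameterized path reports no rows, and the normal lookup of id 2 still resolves. The same contrast holds for other database drivers, but only when native or correctly emulated prepared statements are used; building the query string yourself and then calling `prepare()` on it does not remove the taint.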